v0.7.xSecurity
Hardening sweep + admin panel polish
- Password reset: full token-based ceremony, 30-minute TTL, anti-enumeration
- Marketing contact form is now live (rate-limited, schema-validated)
- New /api/health endpoint on the user-app for K8s probes
- Stronger sign-up password policy (3-of-4 character classes)
- Session expiry now redirects with a friendly notice instead of failing silently
- Web app: skip-link, ARIA wiring on auth forms, autocomplete hints
- Admin: all destructive buttons now gated by client-side RBAC
- Admin: per-staff mutation rate-limit (stolen-session defence)
- Admin: refund-partial now tracks cumulative refunded amount
- PII access log table — every staff read of customer PII is audited
- TOTP secret encryption-at-rest (env-driven AES-256-GCM)